The routing checks are validating the source mac address of the outer ethernet header. They reject every source mac address which is a broadcast address. But they also have to reject and multicast mac addresses.
Signed-off-by: Sven Eckelmann sven@narfation.org --- v3: - Fix patch subject v2: - clarify in commit message that only the outer ethernet header is affected (thanks Linus) - split in patch 1/2 - Allow zero mac address as source address in outer header as requested by Linus --- net/batman-adv/routing.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/net/batman-adv/routing.c b/net/batman-adv/routing.c index 610f2c4..913ab51 100644 --- a/net/batman-adv/routing.c +++ b/net/batman-adv/routing.c @@ -357,8 +357,8 @@ int batadv_recv_icmp_packet(struct sk_buff *skb, if (is_broadcast_ether_addr(ethhdr->h_dest)) goto out;
- /* packet with broadcast sender address */ - if (is_broadcast_ether_addr(ethhdr->h_source)) + /* packet with broadcast/multicast sender address */ + if (is_multicast_ether_addr(ethhdr->h_source)) goto out;
/* not for me */ @@ -449,8 +449,8 @@ static int batadv_check_unicast_packet(struct batadv_priv *bat_priv, if (is_broadcast_ether_addr(ethhdr->h_dest)) return -EBADR;
- /* packet with broadcast sender address */ - if (is_broadcast_ether_addr(ethhdr->h_source)) + /* packet with broadcast/multicast sender address */ + if (is_multicast_ether_addr(ethhdr->h_source)) return -EBADR;
/* not for me */ @@ -1091,8 +1091,8 @@ int batadv_recv_bcast_packet(struct sk_buff *skb, if (!is_broadcast_ether_addr(ethhdr->h_dest)) goto out;
- /* packet with broadcast sender address */ - if (is_broadcast_ether_addr(ethhdr->h_source)) + /* packet with broadcast/multicast sender address */ + if (is_multicast_ether_addr(ethhdr->h_source)) goto out;
/* ignore broadcasts sent by myself */
The routing check for management frames is validating the source mac address in the outer ethernet header. It rejects every source mac address which is a broadcast address. But it also has to reject the zero-mac address and multicast mac addresses.
Signed-off-by: Sven Eckelmann sven@narfation.org --- v3: - Fix patch subject v2: - clarify in commit message that only the outer ethernet header is affected (thanks Linus) - split in patch 1/2 --- net/batman-adv/routing.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/batman-adv/routing.c b/net/batman-adv/routing.c index 913ab51..e2b91e6 100644 --- a/net/batman-adv/routing.c +++ b/net/batman-adv/routing.c @@ -196,8 +196,8 @@ bool batadv_check_management_packet(struct sk_buff *skb, if (!is_broadcast_ether_addr(ethhdr->h_dest)) return false;
- /* packet with broadcast sender address */ - if (is_broadcast_ether_addr(ethhdr->h_source)) + /* packet with invalid sender address */ + if (!is_valid_ether_addr(ethhdr->h_source)) return false;
/* create a copy of the skb, if needed, to modify it. */
An unicast batman-adv packet cannot be transmitted to a multicast or zero mac address. So reject incoming packets which still have these classes of addresses as destination mac address in the outer ethernet header.
Signed-off-by: Sven Eckelmann sven@narfation.org --- v3: - Fix patch subject v2: - clarify in commit message that only the outer ethernet header is affected (thanks Linus) --- net/batman-adv/routing.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/net/batman-adv/routing.c b/net/batman-adv/routing.c index e2b91e6..65f405b 100644 --- a/net/batman-adv/routing.c +++ b/net/batman-adv/routing.c @@ -353,8 +353,8 @@ int batadv_recv_icmp_packet(struct sk_buff *skb,
ethhdr = eth_hdr(skb);
- /* packet with unicast indication but broadcast recipient */ - if (is_broadcast_ether_addr(ethhdr->h_dest)) + /* packet with unicast indication but non-unicast recipient */ + if (!is_valid_ether_addr(ethhdr->h_dest)) goto out;
/* packet with broadcast/multicast sender address */ @@ -445,8 +445,8 @@ static int batadv_check_unicast_packet(struct batadv_priv *bat_priv,
ethhdr = eth_hdr(skb);
- /* packet with unicast indication but broadcast recipient */ - if (is_broadcast_ether_addr(ethhdr->h_dest)) + /* packet with unicast indication but non-unicast recipient */ + if (!is_valid_ether_addr(ethhdr->h_dest)) return -EBADR;
/* packet with broadcast/multicast sender address */
On Saturday, August 6, 2016 5:04:21 PM CEST Sven Eckelmann wrote:
The routing checks are validating the source mac address of the outer ethernet header. They reject every source mac address which is a broadcast address. But they also have to reject and multicast mac addresses.
Signed-off-by: Sven Eckelmann sven@narfation.org
Applied this series in 3868d9b..bca103c.
Thanks, Simon
b.a.t.m.a.n@lists.open-mesh.org
-
Simon Wunderlich -
Sven Eckelmann